
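Code:

using System.Runtime.InteropServices;

public struct pcap_t
{
    // contents should mirror the native struct
}

public struct bpf_program
{
    // this should match the native version too
}

// Your P/Invoke can look like this now
// (the library name "wpcap.dll" is assumed here; the thread does not name it)
[DllImport("wpcap.dll")]
public static extern int pcap_setfilter(ref pcap_t p, ref bpf_program fp);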

Though not everything can be rewritten 'nicely' like this. It depends on the method signature you're trying to wrap. Also, if you write the code like this, you *cannot* store the pointer in native code. If you want to store a copy of the data in native code, you'll have to use the IntPtr method like you originally did.

NOTE: My code snippets are just snippets. They demonstrate an idea which can be adapted by you to solve your problem. They are not 100% complete and fully functional solutions equipped with error handling.

Re: SEHException

The reason I put ref before the parameters is because otherwise I get an AccessViolationException.
I managed to get rid of the SEHException by changing the method declaration as

Code:

public static extern int pcap_setfilter(IntPtr p, ref IntPtr fp);

If I remove the ref for both, I get an AccessViolation, and when I put it on both I get the SEH one.

The problem I now have is that the packets are not getting filtered. Nothing is getting captured.
However, when I give an empty string in place of the filtering string, the program captures all the packets.
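
An added example (not code from either poster) showing what each declaration of the fp parameter hands to native code, assuming fp holds the address of an unmanaged struct bpf_program. The struct layout follows libpcap's struct bpf_program; PointerLevelDemo, NativeViewOfLen and the sample values are constructed for illustration.

```csharp
using System;
using System.Runtime.InteropServices;

// Mirrors libpcap: struct bpf_program { u_int bf_len; struct bpf_insn *bf_insns; }
[StructLayout(LayoutKind.Sequential)]
public struct bpf_program
{
    public uint bf_len;
    public IntPtr bf_insns;
}

public static class PointerLevelDemo
{
    // Stand-in (hypothetical helper) for native code that receives a
    // "struct bpf_program *" and reads bf_len from that address.
    static uint NativeViewOfLen(IntPtr fp) => (uint)Marshal.ReadInt32(fp);

    public static void Main()
    {
        // Constructed sample: a filter program with 4 instructions at a dummy address.
        var prog = new bpf_program { bf_len = 4, bf_insns = new IntPtr(0x1000) };
        IntPtr fp = Marshal.AllocHGlobal(Marshal.SizeOf<bpf_program>());
        Marshal.StructureToPtr(prog, fp, false);

        // Declaring the parameter as "IntPtr fp" passes the value of fp,
        // i.e. the address of the struct, which is what the native side expects.
        Console.WriteLine("IntPtr fp     -> bf_len = " + NativeViewOfLen(fp));

        // Declaring it as "ref IntPtr fp" passes the address of the variable
        // that holds fp. Simulated here with a pointer-sized cell containing fp.
        IntPtr cell = Marshal.AllocHGlobal(IntPtr.Size);
        Marshal.WriteIntPtr(cell, fp);
        Console.WriteLine("ref IntPtr fp -> bf_len = " + NativeViewOfLen(cell)
                          + " (bits of the pointer read as a length)");

        // "ref bpf_program fp" behaves like the first case: the marshaler
        // passes the address of the struct, one level of indirection.
        // Declarations that match int pcap_setfilter(pcap_t *p, struct bpf_program *fp):
        //   pcap_setfilter(IntPtr p, ref bpf_program fp)
        //   pcap_setfilter(IntPtr p, IntPtr fp)   // fp already holds the struct's address

        Marshal.FreeHGlobal(cell);
        Marshal.FreeHGlobal(fp);
    }
}
```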